The Last Watchdog

OCTOBER 3, 2024

Singapore, Oct. 3, 2024, CyberNewswire — At DEF CON 32, the SquareX research team delivered a hard-hitting presentation titled Sneaky Extensions: The MV3 Escape Artists where they shared their findings on how malicious browser extensions are bypassing Google’s latest standard for building chrome extensions: Manifest V3 (MV3)’s security features, putting millions of users and businesses at risk.

Risk 243

Risk Password Management Malware Media 243

Schneier on Security

OCTOBER 3, 2024

Hackers can execute commands on a remote computer by sending malformed emails to a Zimbra mail server. It’s critical, but difficult to exploit. In an email sent Wednesday afternoon, Proofpoint researcher Greg Lesnewich seemed to largely concur that the attacks weren’t likely to lead to mass infections that could install ransomware or espionage malware.

Ransomware 224

Ransomware Malware Hacking 224

Tech Republic Security

OCTOBER 3, 2024

A third of U.K. teachers have not received cyber security training this year, and only two-thirds of those that did deemed it useful, according to a government poll.

Cybersecurity 188

Cybersecurity Government Education 188

Malwarebytes

OCTOBER 3, 2024

Like something out of Black Mirror, two students have demonstrated a way to use smart glasses and facial recognition technology to immediately reveal people’s names, phone numbers, and addresses. The Harvard students have dubbed the system I-XRAY and it works like this: When you look at someone’s face through the glasses—they used Ray-Ban Meta smart glasses—a connected Artificial Intelligence (AI) platform will look up that face on the internet and pull up all the information it can find about t

Artificial Intelligence 143

Artificial Intelligence Engineering Surveillance Technology 143

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

The Hacker News

OCTOBER 3, 2024

A new wave of international law enforcement actions has led to four arrests and the takedown of nine servers linked to the LockBit (aka Bitwise Spider) ransomware operation, marking the latest salvo against what was once a prolific financially motivated group. This includes the arrest of a suspected LockBit developer in France while on holiday outside of Russia, two individuals in the U.K.

Ransomware 142

Ransomware 142

Security Affairs

OCTOBER 3, 2024

Over 4,000 unpatched Adobe Commerce and Magento stores have been compromised by exploiting critical vulnerability CVE-2024-34102. Sansec researchers reported that multiple threat actors have exploited a critical Adobe Commerce vulnerability, tracked as CVE-2024-34102 (aka CosmicSting, CVSS score of 9.8), to compromise more than 4,000 e-stores over the past three months.

Hacking 141

Hacking Passwords Cybersecurity Cybercrime 141

Security Affairs

OCTOBER 3, 2024

The Dutch government blames a “state actor” for hacking a police system, exposing the contact details of all police officers, according to the justice minister. The Dutch police blame a state actor for the recent data breach that exposed officers’ contact details, the justice minister told lawmakers. The incident took place on September 26, 2024, and the police have reported the security breach to the Data Protection Authority.

Data breaches 136

Data breaches Hacking Government Accountability 136

The Hacker News

OCTOBER 3, 2024

Threat actors with ties to North Korea have been observed delivering a previously undocumented backdoor and remote access trojan (RAT) called VeilShell as part of a campaign targeting Cambodia and likely other Southeast Asian countries.

Cyber Attacks 141

Cyber Attacks 141

Malwarebytes

OCTOBER 3, 2024

Two things are true of data online: It will be collected and, just as easily, it will be lost. But a major update to Malwarebytes Browser Guard will better protect users from opaque data collection that happens every day online, as well as raising their awareness about corporate data breaches that have left their sensitive information vulnerable to harm.

Data breaches 134

Data breaches Data collection Advertising Internet 134

The Hacker News

OCTOBER 3, 2024

INTERPOL has announced the arrest of eight individuals in Côte d'Ivoire and Nigeria as part of a crackdown on phishing scams and romance cyber fraud. Dubbed Operation Contender 2.0, the initiative is designed to tackle cyber-enabled crimes in West Africa, the agency said.

Phishing 140

Phishing Scams 140

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Security Affairs

OCTOBER 3, 2024

Cloudflare recently mitigated a new record-breaking DDoS attack, peaking at 3.8 Tbps and 2.14 billion packets per second (Pps). Cloudflare reported that starting from early September, it has mitigated over 100 hyper-volumetric L3/4 DDoS attacks, with many exceeding 2 billion Pps and 3 Tbps. The largest DDoS attack peaked at 3.8 Tbps, that is the highest ever publicly disclosed. “Cloudflare’s defenses mitigated over one hundred hyper-volumetric L3/4 DDoS attacks throughout the month, with m

DDOS 131

DDOS Internet Internet Authentication 131

The Hacker News

OCTOBER 3, 2024

Google has revealed the various security guardrails that have been incorporated into its latest Pixel devices to counter the rising threat posed by baseband security attacks. The cellular baseband (i.e., modem) refers to a processor on the device that's responsible for handling all connectivity, such as LTE, 4G, and 5G, with a mobile phone cell tower or base station over a radio interface.

Mobile 139

Mobile 139

Penetration Testing

OCTOBER 3, 2024

In a significant move to enforce the Digital Services Act (DSA), the European Commission has issued formal requests for information to YouTube, Snapchat, and TikTok, demanding detailed insights into the... The post YouTube, Snapchat, TikTok Ordered to Reveal Recommender System Details Amid DSA Crackdown appeared first on Cybersecurity News.

Cybersecurity 131

Cybersecurity Technology 131

The Last Watchdog

OCTOBER 3, 2024

San Francisco, Calif., Oct. 3, 2024, CyberNewswire — Doppler , the leading platform in secrets management, today announces the launch of Change Requests , a new feature providing engineering teams with a secure, auditable approval process for managing and controlling secret changes across environments. Designed to enhance security, compliance, and team collaboration, Change Requests gives organizations the tools to mitigate the potential risks from misconfigurations or unauthorized changes

Data breaches 130

Data breaches Cybercrime Risk Media 130

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Security Boulevard

OCTOBER 3, 2024

As organizations continue to adopt more SaaS applications, the need for comprehensive security solutions will only grow. The post SSPM: A Better Way to Secure SaaS Applications appeared first on Security Boulevard.

Cybersecurity 126

Cybersecurity 126

The Last Watchdog

OCTOBER 3, 2024

Torrance, Calif., Oct. 3, 2024, CyberNewswire — An exclusive live webinar will take place on October 4th at noon Eastern Time (ET), demonstrating how Criminal IP’s Attack Surface Management (ASM) can help organizations proactively detect and mitigate cyber threats. The webinar will feature a Criminal IP ASM Live Demo, providing a comprehensive view of attack surface visibility.

Cyber threats 130

Cyber threats Threat Detection Media Cybersecurity 130

The Hacker News

OCTOBER 3, 2024

For years, securing a company’s systems was synonymous with securing its “perimeter.” There was what was safe “inside” and the unsafe outside world. We built sturdy firewalls and deployed sophisticated detection systems, confident that keeping the barbarians outside the walls kept our data and systems safe.

Firewall 121

Firewall 121

Penetration Testing

OCTOBER 3, 2024

A high-severity vulnerability, CVE-2024-9313 ((CVSS 8.8)), has been discovered in Authd, an authentication daemon used for secure identity and access management in Ubuntu machines. This flaw could allow malicious actors... The post Authd Vulnerability (CVE-2024-9313) Allows User Impersonation on Ubuntu Systems appeared first on Cybersecurity News.

Authentication 111

Authentication Cybersecurity 111

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Graham Cluley

OCTOBER 3, 2024

International law enforcement continues to dismantle the LockBit ransomware gang's infrastructure. Read more in my article on the Tripwire State of Security blog.

Ransomware 102

Ransomware Malware 102

Penetration Testing

OCTOBER 3, 2024

A high-severity vulnerability (CVE-2024-5102) has been discovered in Avast Antivirus for Windows, potentially allowing attackers to gain elevated privileges and wreak havoc on users’ systems. This flaw, present in versions... The post CVE-2024-5102: Avast Antivirus Flaw Could Allow Hackers to Delete Files and Run Code as SYSTEM appeared first on Cybersecurity News.

Antivirus 105

Antivirus Cybersecurity 105

Zero Day

OCTOBER 3, 2024

The AAWireless TWO is now smarter and more customizable - but only for Android users. Here's how to get notified when the dongle goes on sale later this month.

Wireless 98

Wireless 98

Penetration Testing

OCTOBER 3, 2024

Gen Threat Labs has issued an alert about a newly discovered rootkit named Snapekit, which poses a significant threat to Arch Linux systems running kernel version 6.10.2-arch1-1 x86_64. This sophisticated... The post Snapekit Rootkit Unveiled: A Stealthy Threat Targeting Arch Linux appeared first on Cybersecurity News.

Cybersecurity 97

Cybersecurity Malware 97

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Zero Day

OCTOBER 3, 2024

Want a voice assistant you can have natural conversations with? If you're on Android, you're in luck.

98

98

SecureWorld News

OCTOBER 3, 2024

The utility industry is undergoing changes that were unimaginable just a few decades ago. Remember when we were all excited about dial-up internet? Things have changed. Fast forward to today, and and we're not just talking about high-speed internet. But it also includes smart devices that monitor every aspect of today's utilities. From smart meters to self-repairing cables and now, with the launch of 5G, it feels like we are entering a new era.

IoT 94

IoT Energy and Utilities Internet Internet 94

Zero Day

OCTOBER 3, 2024

This lifetime license bundle deal gives you access to the entire Microsoft Office Pro 2021 suite and Windows 11 Pro for just $53 for a limited time.

98

98

CompTIA on Cybersecurity

OCTOBER 3, 2024

Learn how to create relevant and impactful tabletop exercises for your clients.

94

94

Advertisement

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

Zero Day

OCTOBER 3, 2024

The fifth-gen Lenovo ThinkBook Plus is a laptop/tablet hybrid that runs on both Windows 11 and Android 13, resulting in a unique user experience that changed the way I use both.

98

98

Heimadal Security

OCTOBER 3, 2024

Privileged access management is one of the most important topics in cybersecurity – yet it can be a minefield to get right. For hackers, elevated permissions are one of the absolute best ways to plan and execute a successful account. In fact, many attacks would simply be impossible without them. But effective privileged access management […] The post The Complete Guide to PAM Tools, Features, And Techniques appeared first on Heimdal Security Blog.

Accountability 85

Accountability Cybersecurity 85

Zero Day

OCTOBER 3, 2024

Amazon is offering a $100 gift card when you buy the Samsung Galaxy S24 FE AI smartphone ahead of their Big Deal Days sale event on October 8 and 9.

98

98

Google Security

OCTOBER 3, 2024

Posted by Sherk Chung, Stephan Chen, Pixel team, and Roger Piqueras Jover, Ivan Lozano, Android team Pixel phones have earned a well-deserved reputation for being security-conscious. In this blog, we'll take a peek under the hood to see how Pixel mitigates common exploits on cellular basebands. Smartphones have become an integral part of our lives, but few of us think about the complex software that powers them, especially the cellular baseband – the processor on the device responsible for handl

Firmware 84

Firmware Software Risk Malware 84

Advertisement

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Cybersecurity